Enterprise firewalls serve many purposes. Traditionally, they have been used to protect computers within an enterprise network from external attacks. Increasingly, one of the purposes of enterprise firewalls is to monitor outgoing traffic from within the enterprise network to external sites. Monitoring outgoing traffic can help protect against exfiltration of data done for nefarious purposes, and can help uncover when an internal computer has been comprised or when an internal user has been tricked into visiting an untrustworthy Website.
The SSL (Secure Sockets Layer) protocol is a popular protocol for allowing a client computer to engage in secure communications with a server computer. For example, using the SSL protocol, a user may divulge his credit card number secure in the knowledge that all communication with the merchant's Website is encrypted. Unfortunately, the SSL protocol provides that outgoing encrypted traffic must pass straight through the enterprise firewall unexamined. This is because the SSL protocol requires end-to-end encryption (from server to browser). This can be very dangerous, as it means that data can be stolen or malicious computer code tunneled through the firewall impervious to examination by security scanning software associated with the firewall.
Enterprises are reluctant to deal with this problem, because there are so many useful Websites that require SSL in order to operate properly, e.g., sites performing credit card transactions. Attempts to provide whitelists of allowable SSL Websites anger internal users and create a high administrative burden for security administrators.
As firewalls are configured more strictly to block traffic on ports known to be used by Remote Access Trojans (RATs) or suspicious traffic in general, attackers will increasingly tunnel return traffic from a compromised computer to the attacker's network using SSL. Tunneling using SSL allows a compromised host computer to communicate through the enterprise firewall, and the strong encryption provided by SSL prevents security software from examining and recognizing the dangerous contents of that traffic.
One proposed solution to this problem is known as “SSL stripping”. In this approach, a proxy associated with the firewall is intentionally configured to conduct a man-in-the-middle attack on outgoing SSL traffic. Assuming that the client computers within the enterprise network are configured to trust an enterprise signing key, the proxy uses said enterprise signing key to spoof an arbitrary Website outside the confines of the enterprise network, thus enabling the proxy to decrypt outgoing SSL traffic. SSL stripping has not gained widespread adoption for a number of reasons, including performance, security, and legal requirements related to privacy.
What is needed is a way to solve the aforesaid security problems presented by SSL and related protocols without incurring the problems introduced by SSL stripping. The present invention overcomes these problems admirably.